Digicert cis fixes (#540)

kevgliss 2016-11-29 17:15:39 -08:00 committed by GitHub
parent 058d2938fb
commit 588ac1d6a6
6 changed files with 31 additions and 21 deletions


@ -219,6 +219,7 @@ class AuthoritiesList(AuthenticatedResource):
:statuscode 403: unauthenticated :statuscode 403: unauthenticated
:statuscode 200: no error :statuscode 200: no error
""" """
data['creator'] = g.current_user
return service.create(**data) return service.create(**data)
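Review bot: The added `data['creator'] = g.current_user` overrides any creator value that may be present in the parsed body, so attribution always comes from the authenticated session rather than from the client; a one-line comment would keep a later maintainer from "fixing" this, e.g. `# creator is always the authenticated user; never taken from the request body`. The enclosing method starts before the hunk, so its docstring could also state that `creator` is set server-side.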


@ -410,7 +410,7 @@ def create_csr(**csr_config):
csr = request.public_bytes( csr = request.public_bytes(
encoding=serialization.Encoding.PEM encoding=serialization.Encoding.PEM
) ).decode('utf-8')
return csr, private_key return csr, private_key
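Review bot: Decoding the PEM at `).decode('utf-8')` changes the type of the first return value from bytes to `str` while `private_key` is returned unchanged, so the two halves of the tuple may now have different types. The function's docstring (signature and `:return:` are above the hunk) should state that `csr` is a `str` and that callers feeding it to a bytes-only API such as `x509.load_pem_x509_csr` must `.encode('utf-8')` first, as the updated test does. Whether `private_key` is bytes or str is not visible in this hunk; if it is bytes, decoding it the same way would keep the return contract uniform.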


@ -79,8 +79,8 @@ def get_issuance(options):
if not options.get('validity_end'): if not options.get('validity_end'):
options['validity_end'] = arrow.utcnow().replace(years=current_app.config.get('DIGICERT_DEFAULT_VALIDITY', 1)) options['validity_end'] = arrow.utcnow().replace(years=current_app.config.get('DIGICERT_DEFAULT_VALIDITY', 1))
validity_years = determine_validity_years(options['validity_end']) options['validity_years'] = determine_validity_years(options['validity_end'])
return validity_years return options
def get_additional_names(options): def get_additional_names(options):
@ -105,6 +105,8 @@ def map_fields(options, csr):
:param csr: :param csr:
:return: dict or valid DigiCert options :return: dict or valid DigiCert options
""" """
options = get_issuance(options)
data = { data = {
"certificate": "certificate":
{ {
@ -120,9 +122,7 @@ def map_fields(options, csr):
} }
data['certificate']['dns_names'] = get_additional_names(options) data['certificate']['dns_names'] = get_additional_names(options)
validity_years = get_issuance(options)
data['custom_expiration_date'] = options['validity_end'].format('YYYY-MM-DD') data['custom_expiration_date'] = options['validity_end'].format('YYYY-MM-DD')
data['validity_years'] = validity_years
return data return data
@ -135,7 +135,9 @@ def map_cis_fields(options, csr):
:param csr: :param csr:
:return: :return:
""" """
options = get_issuance(options)
data = { data = {
"profile_name": current_app.config.get('DIGICERT_CIS_PROFILE_NAME'),
"common_name": options['common_name'], "common_name": options['common_name'],
"additional_dns_names": get_additional_names(options), "additional_dns_names": get_additional_names(options),
"csr": csr, "csr": csr,
@ -243,11 +245,6 @@ class DigiCertIssuerPlugin(IssuerPlugin):
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
"""Initialize the issuer with the appropriate details.""" """Initialize the issuer with the appropriate details."""
required_vars = [ required_vars = [
'DIGICERT_API_KEY',
'DIGICERT_URL',
'DIGICERT_ORG_ID',
'DIGICERT_ROOT',
'DIGICERT_INTERMEDIATE'
] ]
validate_conf(current_app, required_vars) validate_conf(current_app, required_vars)
@ -275,11 +272,15 @@ class DigiCertIssuerPlugin(IssuerPlugin):
determinator_url = "{0}/services/v2/order/certificate/ssl".format(base_url) determinator_url = "{0}/services/v2/order/certificate/ssl".format(base_url)
data = map_fields(issuer_options, csr) data = map_fields(issuer_options, csr)
response = self.session.post(determinator_url, data=json.dumps(data)) response = self.session.post(determinator_url, data=json.dumps(data))
if response.status_code > 399:
raise Exception(response.json()['message'])
order_id = response.json()['id'] order_id = response.json()['id']
certificate_id = get_certificate_id(self.session, base_url, order_id) certificate_id = get_certificate_id(self.session, base_url, order_id)
# retrieve certificate # retrieve ceqrtificate
certificate_url = "{0}/services/v2/certificate/{1}/download/format/pem_all".format(base_url, certificate_id) certificate_url = "{0}/services/v2/certificate/{1}/download/format/pem_all".format(base_url, certificate_id)
end_entity, intermediate, root = pem.parse(self.session.get(certificate_url).content) end_entity, intermediate, root = pem.parse(self.session.get(certificate_url).content)
return str(end_entity), str(intermediate) return str(end_entity), str(intermediate)
@ -314,7 +315,6 @@ class DigiCertCISIssuerPlugin(IssuerPlugin):
required_vars = [ required_vars = [
'DIGICERT_CIS_API_KEY', 'DIGICERT_CIS_API_KEY',
'DIGICERT_CIS_URL', 'DIGICERT_CIS_URL',
'DIGICERT_CIS_ORG_ID',
'DIGICERT_CIS_ROOT', 'DIGICERT_CIS_ROOT',
'DIGICERT_CIS_INTERMEDIATE', 'DIGICERT_CIS_INTERMEDIATE',
'DIGICERT_CIS_PROFILE_NAME' 'DIGICERT_CIS_PROFILE_NAME'
@ -337,16 +337,21 @@ class DigiCertCISIssuerPlugin(IssuerPlugin):
base_url = current_app.config.get('DIGICERT_CIS_URL') base_url = current_app.config.get('DIGICERT_CIS_URL')
# make certificate request # make certificate request
create_url = '{0}/platform/cis/certificate' create_url = '{0}/platform/cis/certificate'.format(base_url)
data = map_cis_fields(issuer_options, csr) data = map_cis_fields(issuer_options, csr)
response = self.session.post(create_url, data=json.dumps(data)) response = self.session.post(create_url, data=json.dumps(data))
current_app.logger.debug(data)
if response.status_code > 399:
raise Exception(response.json()['errors'][0]['message'])
order_id = response.json()['id'] order_id = response.json()['id']
# retrieve certificate # retrieve certificate
certificate_pem = get_cis_certificate(self.session, base_url, order_id) certificate_pem = get_cis_certificate(self.session, base_url, order_id)
end_entity, intermediate, root = pem.parse(certificate_pem) end_entity = pem.parse(certificate_pem)[0]
return str(end_entity), str(intermediate) return str(end_entity), current_app.config.get('DIGICERT_CIS_INTERMEDIATE')
@staticmethod @staticmethod
def create_authority(options): def create_authority(options):
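Review bot: In the `__init__` hunk at `@ -243,11 +245,6` the five `DIGICERT_*` entries appear on one side only and the header counts five deletions with no additions, so `required_vars` seems to end up as `[]` and `validate_conf(current_app, required_vars)` becomes a no-op; a missing `DIGICERT_URL` or `DIGICERT_API_KEY` would then surface only as a failed request inside `create_certificate` instead of at plugin init, so if the entries were meant to stay the hunk should keep them. Separately, the CIS `create_certificate` hunk now returns `current_app.config.get('DIGICERT_CIS_INTERMEDIATE')` as the chain instead of an intermediate parsed from the response, so a rotation of the issuing intermediate on the DigiCert side would silently yield a chain that does not match the end-entity certificate; a comment such as `# NOTE: chain comes from config, not the API response — confirm it matches the issuing intermediate` would make that assumption explicit, and `pem.parse(certificate_pem)[0]` should be guarded against an empty parse result. The `raise Exception(response.json()['errors'][0]['message'])` path assumes a JSON body with that shape, so a non-JSON error page would raise a confusing `ValueError`/`KeyError` rather than the API message. The context line `# retrieve ceqrtificate` in the `@ -275` hunk also has a typo that could be fixed while here.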


@ -33,7 +33,6 @@ def test_map_fields(app):
'signature_hash': 'sha256' 'signature_hash': 'sha256'
}, },
'organization': {'id': 111111}, 'organization': {'id': 111111},
'validity_years': 1,
'custom_expiration_date': arrow.get(2017, 5, 7).format('YYYY-MM-DD') 'custom_expiration_date': arrow.get(2017, 5, 7).format('YYYY-MM-DD')
} }
@ -68,7 +67,8 @@ def test_map_cis_fields(app):
'organization': {'name': 'Example, Inc.', 'units': ['Example Org']}, 'organization': {'name': 'Example, Inc.', 'units': ['Example Org']},
'validity': { 'validity': {
'valid_to': arrow.get(2017, 5, 7).format('YYYY-MM-DD') 'valid_to': arrow.get(2017, 5, 7).format('YYYY-MM-DD')
} },
'profile_name': None
} }
@ -81,14 +81,16 @@ def test_issuance():
'validity_start': arrow.get(2016, 10, 30) 'validity_start': arrow.get(2016, 10, 30)
} }
assert get_issuance(options) == 2 new_options = get_issuance(options)
assert new_options['validity_years'] == 2
options = { options = {
'validity_end': arrow.get(2017, 5, 7), 'validity_end': arrow.get(2017, 5, 7),
'validity_start': arrow.get(2016, 10, 30) 'validity_start': arrow.get(2016, 10, 30)
} }
assert get_issuance(options) == 1 new_options = get_issuance(options)
assert new_options['validity_years'] == 1
options = { options = {
'validity_end': arrow.get(2020, 5, 7), 'validity_end': arrow.get(2020, 5, 7),
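Review bot: The expected `'profile_name': None` in `test_map_cis_fields` pins the behavior when `DIGICERT_CIS_PROFILE_NAME` is unset, i.e. it asserts that a missing required config value yields `None` rather than that the configured name is passed through; setting `app.config['DIGICERT_CIS_PROFILE_NAME']` in the test (the CIS plugin's `__init__` lists it as required) and asserting that value would exercise the real path. In `test_issuance`, `get_issuance` mutates and returns the same dict, so `new_options` is the input `options`; an `assert new_options is options` or a comment noting the in-place update would document that contract. `test_map_cis_fields` starts before the hunk.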


@ -213,7 +213,9 @@ angular.module('lemur')
.controller('CertificateCloneController', function ($scope, $uibModalInstance, CertificateApi, CertificateService, DestinationService, AuthorityService, AuthorityApi, PluginService, MomentService, WizardHandler, LemurRestangular, NotificationService, toaster, editId) { .controller('CertificateCloneController', function ($scope, $uibModalInstance, CertificateApi, CertificateService, DestinationService, AuthorityService, AuthorityApi, PluginService, MomentService, WizardHandler, LemurRestangular, NotificationService, toaster, editId) {
CertificateApi.get(editId).then(function (certificate) { CertificateApi.get(editId).then(function (certificate) {
$scope.certificate = certificate; $scope.certificate = certificate;
$scope.certificate.name = ''; // we should prefer the generated name. $scope.certificate.name = ''; // we should prefer the generated name
$scope.validityStart = null; // we should rely the defaults
$scope.validityEnd = null; // we should rely on the defaults
CertificateService.getDefaults($scope.certificate); CertificateService.getDefaults($scope.certificate);
}); });
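Review bot: The new comment on `$scope.validityStart` reads `// we should rely the defaults` while the next line says `// we should rely on the defaults`; make them match, `$scope.validityStart = null; // we should rely on the defaults`. Resetting both dates to null before `CertificateService.getDefaults($scope.certificate)` only achieves something if getDefaults repopulates them when null, which is not visible here; a short comment such as `// cleared so getDefaults() can repopulate them (verify)` would name that dependency. The controller callback continues outside the hunk.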


@ -336,7 +336,7 @@ def test_create_basic_csr(client):
) )
csr, pem = create_csr(**csr_config) csr, pem = create_csr(**csr_config)
csr = x509.load_pem_x509_csr(csr, default_backend()) csr = x509.load_pem_x509_csr(csr.encode('utf-8'), default_backend())
for name in csr.subject: for name in csr.subject:
assert name.value in csr_config.values() assert name.value in csr_config.values()
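Review bot: `csr.encode('utf-8')` adapts the test to the new `str` return type of `create_csr`, but nothing pins that type, so a regression back to bytes would fail only inside `load_pem_x509_csr` with an unrelated error; adding `assert isinstance(csr, str)` right after the `create_csr(**csr_config)` call makes the contract explicit. `test_create_basic_csr` starts before the hunk.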